NtOpenFile 返回 STATUS

本文介绍了NtOpenFile 返回 STATUS_OBJECT_NAME_INVALID的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

限时送ChatGPT账号..

以下代码尝试使用 NtOpenFile 生成文件句柄:

Following code tries to spawn a file handle using NtOpenFile :

HANDLE spawnFileHandle(){
HANDLE ret;
IO_STATUS_BLOCK IoStatusBlock;
OBJECT_ATTRIBUTES ObjectAttributes;
ObjectAttributes.SecurityDescriptor=0;
ObjectAttributes.SecurityQualityOfService=0;
ObjectAttributes.RootDirectory=0;
ObjectAttributes.Attributes=0;
ObjectAttributes.Length=sizeof(OBJECT_ATTRIBUTES);

WCHAR stringBuffer[5048];
UNICODE_STRING  string;
string.Buffer = stringBuffer;
lstrcpyW(stringBuffer, L"\\??\\");
lstrcatW(stringBuffer, EXEPath);
string.Length = lstrlenW(stringBuffer)*2; // Edit after comment.
string.MaximumLength = 5048;
ObjectAttributes.ObjectName=&string;
NTSTATUS error=origZwOpenFile(&ret, FILE_READ_DATA, &ObjectAttributes, &IoStatusBlock, FILE_SHARE_READ, 0);
printf("huh %ls %x", stringBuffer, error);
return ret;
}

但它总是返回 STATUS_OBJECT_NAME_INVALID，例如:

but it allways returns STATUS_OBJECT_NAME_INVALID, example :

[HBIP] - 因为我偏执而隐藏 -.-

Edit : [HBIP] - Hidden Because Im Paranoid -.-

EXE path : C:\Users\n00b\Desktop\[HBIP]\Debug\[HBIP].exe
huh \??\C:\Users\n00b\Desktop\[HBIP]\Debug\[HBIP].exe c0000033
Spawned Handle : cccccccc

可能是什么原因?

推荐答案

UNICODE_STRING 结构要求 Length 和 MaximumLength 以字节为单位.请注意，这些值将始终为偶数.

The UNICODE_STRING structure expects both Length and MaximumLength to be in bytes. Note that these values will always be even.

您收到 STATUS_OBJECT_NAME_INVALID 因为您的 Length 是奇数，因此无效.

You're getting STATUS_OBJECT_NAME_INVALID because your Length is an odd number, therefore invalid.

这篇关于NtOpenFile 返回 STATUS_OBJECT_NAME_INVALID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！